whekin/household-bot
1
0
Fork 0
mirror of https://github.com/whekin/household-bot.git synced 2026-03-31 14:34:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
3b7fa31670a12624e174eab0ad9fc7b1067ae809
household-bot/docs/runbooks/iac-terraform.md

1.2 KiB
Raw Blame History

Terraform IaC Runbook

Purpose

Provision and maintain GCP infrastructure for bot API, mini app, scheduler, and runtime secrets.

Prerequisites

  • Terraform >= 1.8
  • GCP project with billing enabled
  • Local auth:
gcloud auth application-default login

Bootstrap

cp infra/terraform/terraform.tfvars.example infra/terraform/terraform.tfvars
terraform -chdir=infra/terraform init
terraform -chdir=infra/terraform plan
terraform -chdir=infra/terraform apply

Quality checks

bun run infra:fmt:check
bun run infra:validate

Add secret values

After first apply, add secret versions:

echo -n "<telegram-webhook-secret>" | gcloud secrets versions add telegram-webhook-secret --data-file=- --project <project_id>
echo -n "<scheduler-shared-secret>" | gcloud secrets versions add scheduler-shared-secret --data-file=- --project <project_id>

Environment strategy

  • Keep separate states for dev and prod.
  • Prefer separate GCP projects for stronger isolation.
  • Keep environment-specific variables in dedicated *.tfvars files.

Destructive operations

Review plan output before apply/destroy:

terraform -chdir=infra/terraform plan -destroy
terraform -chdir=infra/terraform destroy
Reference in New Issue View Git Blame Copy Permalink